AMENDMENTS TO THE CLAIMS AND CLAIM LISTING 

1 . (Currently amended) A method for authorizing execution of request 
actions transmitted between clients and servers of a data processing system, the method 
comprising: 

receiving a first message including a set of actions^ and a second message 
including user-requested actions and inputs; 

simulating execution of the set of actions and building a list of allowable 
actions and user-definable inputs to the allowable actions; 

comparing the list of allowable actions and user-definable inputs to the user- 
requested actions and inputs; and 

where the list of allowable actions and user-definable inputs includes the 
user-requested actions and inputs, authorizing execution of the user requested actions. 

2. (Original) The method as set forth in claim 1 , wherein the step of 
simulating comprises identifying all possible actions and inputs to the possible actions 
resulting form an execution of the set of actions at a client. 

3. (Original) The method as set forth in claim 1 , wherein the step of 
simulating comprises invoking and triggering each command, field, user-selectable input 
option and HTTP request within the set of actions. 

4. (Original) The method as set forth in claim 1, wherein the user-requested 
actions and inputs includes actions and inputs provided during a user session performed in 
response to receipt of the first message at a client. 

5. (Original) The method as set forth in claim 1, comprising: 
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during the step of simulating, detecting an input control requesting entry of a 
data value and assigning a unique place holder to represent the data value; and 

during the step of comparing, matching a pattern of the unique place holder 
to the input received from the user. 

6. (Original) The method as set forth in claim 1 , wherein the step of 
simulating comprises: 

detecting an input control requesting selection of one of a plurality of 
predefined data values; and 

interatively selecting one of the plurality of predefined data values and 
continuing simulation of the set of actions and building of the list of allowable actions and 
user-definable inputs with the selected one data value until each of the plurality of 
predefined data values is selected and listed. 

7. (Original) The method as set forth in claim 1, comprising: 

prior to the step of simulating, tracing execution of the set of actions at a 

client; and 

during the step of simulating, providing results of the tracing in response to 
the user-selectable inputs. 

8. (Original) The method as set forth in claim 1, comprising: 
prior to the step of simulating: 

identifying actions within the set of actions of the first message; 
supplementing the first message with actions for tracing input to the 
identified actions; and 

transmitting the supplemented first message to a client; and 
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during the set of simulating, providing results of the tracing as user- 
selectable inputs to the identified actions are requested. 

9. (Original) The method as set forth in claim 8, wherein the results of the 
tracing are included within the second message; 

10. (Original) The method as set forth in claim 8, wherein the results of the 
tracing are included within the second message. 

1 1 . (Withdrawn) A security gateway coupled between clients and servers of 
a data processing system, comprising: 

an evaluator for evaluating transmissions between said clients and servers 
and for identifying informational content and application programming logic included 
within each transmission; 

a simulator for simulating a processing environment for executing said 
application programming logic of said transmissions, said simulator including an 
enumeration engine for triggering events and identifying user-definable inputs to said 
application programming logic, said simulator providing a list of allowable actions and user- 
definable input values to said actions; and 

a filter for receiving transmissions including user-requested actions and 
input, comparing said user-requested actions and input to said list of allowable actions and 
user-definable input values, and passing through said security gateway transmissions having 
user-requested actions and inputs within said list of allowable actions and input values. 
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12. (Withdrawn) The security gateway as set forth in claim 11, comprising a 
data store, accessible by said simulator and said filter, for storing said list of allowable 

actions and input values. 

13. (Withdrawn) The security gateway as set forth in claim 1 1, wherein said 
simulator comprises a detector for detecting an input control requesting entry of a data value 
and for assigning a unique place holder to represent said data value, and wherein said filter 
comprises means for matching a pattern of said unique place holder to said input received 
from said user. 

14. (Withdrawn) The security gateway as set forth in claim 11, wherein said 

simulator comprises: 

a detector for detecting an input control requesting selection of one of a 

plurality of predefined data values; and 

means for iteratively selecting one of said plurality of predefined data values, 
continuing simulation of said application programming logic, and building of said list of 
allowable actions and user-definable inputs with said selected one data value until each of 
said plurality of predefined data values is selected and listed. 

15. (Withdrawn) The security gateway as set forth in claim 11, wherein said 
evaluator comprises means for identifying actions of interest within said application 
programming logic and for tracing inputs to said actions received at a client, and wherein 
said simulator comprises means for receiving results of said tracing and providing said 
results as user-selectable inputs to said identified actions are performed within said 
simulation. 
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16. (Original) A method for authorizing execution of requested actions 
transmitted from a client to a server of a client/server data processing system, the method 
performed by a gateway coupled between the client and the server, comprising: 

receiving, from the server, a document including a set of actions; 
simulating execution of the set of actions and building a list of allowable 
actions and user-definable inputs to the allowable actions; 

receiving, from the client, and a message including user-requested actions 

and inputs; 

comparing the list of allowable actions and user-definable inputs to the 
user-requested actions and inputs; and 

where the list of allowable actions and user-definable inputs includes the 
user-requested actions and inputs, transmitting the user-requested actions and inputs to 
the server for execution. 

17. (Original) The method as set forth in claim 16, comprising storing, at 
the gateway, the list of allowable actions and user-definable inputs. 
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